A newly discovered Internet security flaw could leave many websites vulnerable to hackers because of weak US encryption standards in the 1990s, researchers said Tuesday. The flaw was discovered by a team led by Karthikeyan Bhargavan at INRIA in Paris -- the French Institute for Research in Computer Science and Automation -- and disclosure coordinated by Matthew Green, a cryptographer at Johns Hopkins University. Green said in a blog post that even some sites maintained by the National Security Agency and FBI appeared to be vulnerable. "Since the NSA was the organization that demanded export-grade crypto, it's only fitting that they should be the first site affected by this vulnerability," Green said.